[vbox-dev] null pointer in macGuestSize
Michael Thayer
michael.thayer at oracle.com
Tue Apr 16 18:51:22 GMT 2013
Hello Ribhi,
Does this patch look good to you?
Regards,
Michael
Index: src/VBox/Frontends/VirtualBox/src/runtime/UIFrameBuffer.cpp
===================================================================
--- src/VBox/Frontends/VirtualBox/src/runtime/UIFrameBuffer.cpp
(revision 85072)
+++ src/VBox/Frontends/VirtualBox/src/runtime/UIFrameBuffer.cpp
(revision 85073)
@@ -158,24 +158,19 @@
return E_FAIL;
NOREF(uScreenId);
- /* A resize event can happen while we are switching machine view
classes,
- * but we synchronise afterwards so that shouldn't be a problem.
We must
- * temporarily remove the framebuffer in Display though while switching
- * to respect the thread synchronisation logic (see
UIFrameBuffer.h). */
+ *pbFinished = FALSE;
+ lock(); /* See comment in setView(). */
if (m_pMachineView)
QApplication::postEvent(m_pMachineView,
new UIResizeEvent(uPixelFormat, pVRAM,
uBitsPerPixel,
uBytesPerLine,
uWidth, uHeight));
else
- {
/* Report to the VM thread that we finished resizing and rely
on the
* synchronisation when the new view is attached. */
*pbFinished = TRUE;
- return S_OK;
- }
+ unlock();
- *pbFinished = FALSE;
return S_OK;
}
@@ -200,9 +195,11 @@
return E_POINTER;
*pbSupported = TRUE;
- if (!m_pMachineView)
- return S_OK;
- QSize screen = m_pMachineView->maxGuestSize();
+ lock(); /* See comment in setView(). */
+ QSize screen;
+ if (m_pMachineView)
+ screen = m_pMachineView->maxGuestSize();
+ unlock();
if ( (screen.width() != 0)
&& (uWidth > (ULONG)screen.width())
&& (uWidth > (ULONG)width()))
@@ -249,7 +246,10 @@
reg += rect;
++ rects;
}
- QApplication::postEvent(m_pMachineView, new UISetRegionEvent(reg));
+ lock(); /* See comment in setView(). */
+ if (m_pMachineView)
+ QApplication::postEvent(m_pMachineView, new UISetRegionEvent(reg));
+ unlock();
return S_OK;
}
@@ -271,6 +271,12 @@
void UIFrameBuffer::setView(UIMachineView * pView)
{
+ /* We are not supposed to use locking for things which are done
+ * on the GUI thread. Unfortunately I am not clever enough to
+ * understand the original author's wise synchronisation logic
+ * so I will do it anyway. */
+ lock();
m_pMachineView = pView;
m_WinId = (m_pMachineView && m_pMachineView->viewport()) ?
(LONG64)m_pMachineView->viewport()->winId() : 0;
+ unlock();
}
On 28/03/13 01:30, Ribhi Kamal wrote:
> It seems that UIMachineView::maxGuestSize() continues to execute while
> some other thread/process destroys the UIMachineView object. To test
> this out, I put in a hack in UIMachineView to basically SpinLock until
> any existing maxGuestSize exits. Then it sets a flag using a static
> variable to prevent maxGuestSize from using any member variables after
> the view has been destroyed. When the view is recreated, the flag is reset.
>
> I've attached is my hack (based on 4.2.10), it works pretty well and
> seems to stop the crash. I hope this will help you put in a better fix
> in the future.
>
> Just one question, Which process/thread executes maxGuestSize? An EMT
> thread?
>
> Cheers!
>
> fyi, There are cases where this hack will not work (in theory) so please
> don't use it.
>
>
> On Sat, Mar 16, 2013 at 4:09 PM, Ribhi Kamal <rbhkamal at gmail.com
> <mailto:rbhkamal at gmail.com>> wrote:
>
> Just happened while switching from full screen back to normal view.
> This is something new, only in 4.2, because the virtual machine used
> to crash only while closing it so it wasn't a big deal. I'll open a
> bug once I reproduce it with the released binaries... don't wait.
>
> Meanwhile, please let me know if you need any additional
> information/testing.
>
> Thanks,
> Ribhi
>
>
>
> On Fri, Mar 15, 2013 at 8:26 PM, Ribhi Kamal <rbhkamal at gmail.com
> <mailto:rbhkamal at gmail.com>> wrote:
>
> "Unfortunately, I can't find the log files"
>
> Obviously that is not true, I uploaded the logs to my dropbox
>
>
> On Fri, Mar 15, 2013 at 8:25 PM, Ribhi Kamal <rbhkamal at gmail.com
> <mailto:rbhkamal at gmail.com>> wrote:
>
> I've been seeing a crash when closing VirtualBox.exe that is
> almost never reproducible. Few days ago I managed to get a
> crash dump and ran the analysis, see below. At the time of
> the crash, I was closing the virtual machine after it had
> been running for ~24 hours. Unfortunately, I can't find the
> log files
>
> I'm using the following:
> VirtualBox 4.2.8 (Cross compiled with VS2010-SP1 on windows
> 7 64bit, Target Host = x86)
> Host Win7 32bit
> Guest Linux 2.6 32bit
> Build Type: Release
>
> Please let me know if you have any questions.
>
> Thanks,
> Ribhi
>
> Log files:
> Successful:
> https://www.dropbox.com/s/xrvcr8sud4z63ia/Success.log
> Crash: https://www.dropbox.com/s/p5pslbt3sl9cpeo/Crash.log
>
>
> 0:000> !analyze -v -f
> *******************************************************************************
>
> *
> *
> * Exception
> Analysis *
> *
> *
> *******************************************************************************
>
>
> GetPageUrlData failed, server returned HTTP status 404
> URL requested:
> http://watson.microsoft.com/StageOne/VirtualBox_exe/4_2_8_0/51420e3b/unknown/0_0_0_0/bbbbbbb4/80000003/00000000.htm?Retriage=1
>
>
> FAULTING_IP:
> VirtualBox!UIMachineView::maxGuestSize+18
> [c:\vboxbuild\virtualbox\4.2.8\src\src\vbox\frontends\virtualbox\src\runtime\uimachineview.cpp
> @ 702]
> *0145ed68 f00fc70f lock cmpxchg8b qword ptr [edi] *
>
> EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
> ExceptionAddress: 00000000
> ExceptionCode: 80000003 (Break instruction exception)
> ExceptionFlags: 00000000
> NumberParameters: 0
>
> FAULTING_THREAD: 00000ef4
>
> DEFAULT_BUCKET_ID: STATUS_BREAKPOINT
>
> PROCESS_NAME: VirtualBox.exe
>
> ERROR_CODE: (NTSTATUS) 0x80000003 - {EXCEPTION} Breakpoint
> A breakpoint has been reached.
>
> EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651
> <tel:%282147483651>) - One or more arguments are invalid
>
> MOD_LIST: <ANALYSIS/>
>
> NTGLOBALFLAG: 0
>
> APPLICATION_VERIFIER_FLAGS: 0
>
> ADDITIONAL_DEBUG_TEXT: Followup set based on attribute
> [Is_ChosenCrashFollowupThread] from Frame:[0] on
> thread:[PSEUDO_THREAD]
>
> LAST_CONTROL_TRANSFER: from 0143bea0 to 0145ed68
>
> PRIMARY_PROBLEM_CLASS: STATUS_BREAKPOINT
>
> BUGCHECK_STR:
> APPLICATION_FAULT_STATUS_BREAKPOINT_NULL_POINTER_READ
>
> STACK_TEXT:
> 03a3ca98 0145ed68 virtualbox!UIMachineView::maxGuestSize+0x18
> 03a3cab0 0143bea0
> virtualbox!UIFrameBuffer::VideoModeSupported+0x30
> 03a3cac8 6927c724 vboxc!vmmdevVideoModeSupported+0x74
> 03a3caec 690b4edc vboxdd!vmmdevRequestHandler+0xecc
> 03a3fb5c 72f198d1 vboxvmm!IOMIOPortWrite+0x91
> 03a3fb84 72f0891f vboxvmm!HWACCMR3RestartPendingIOInstr+0xcf
> 03a3fba4 72ea303c vboxvmm!emR3ExecuteIOInstruction+0x1c
> 03a3fc78 72ea3589 vboxvmm!emR3HwaccmHandleRC+0x189
> 03a3fc8c 72ea3788 vboxvmm!emR3HwAccExecute+0x168
> 03a3fcb0 72ea0d84 vboxvmm!EMR3ExecuteVM+0x274
> 03a3fcd8 72efb2aa vboxvmm!vmR3EmulationThreadWithId+0x45a
> 03a3fcf8 72efb2f4 vboxvmm!vmR3EmulationThread+0x14
> 03a3fd0c 69ca1523 vboxrt!rtThreadMain+0x33
> 03a3fd38 69ce539b vboxrt!rtThreadNativeMain+0x6b
> 03a3fd58 6bb6c556 msvcr100!_endthreadex+0x3f
> 03a3fd90 6bb6c600 msvcr100!_endthreadex+0xce
> 03a3fd9c 76b4ed6c kernel32!BaseThreadInitThunk+0xe
> 03a3fda8 7722377b ntdll!__RtlUserThreadStart+0x70
> 03a3fde8 7722374e ntdll!_RtlUserThreadStart+0x1b
>
>
> STACK_COMMAND: .cxr 0000000003A3C7B4 ; kb ; dds 3a3ca98 ; kb
>
> FOLLOWUP_IP:
> VirtualBox!UIMachineView::maxGuestSize+0
> [c:\vboxbuild\virtualbox\4.2.8\src\src\vbox\frontends\virtualbox\src\runtime\uimachineview.cpp
> @ 701]
> 0145ed50 83ec0c sub esp,0Ch
>
> FAULTING_SOURCE_CODE:
> 697: RT_MAKE_U64(maxSize.height(),
> maxSize.width()));
> 698: }
> 699:
> 700: QSize UIMachineView::maxGuestSize()
> > 701: {
> 702: uint64_t u64Size =
> ASMAtomicReadU64(&m_u64MaxGuestSize);
> 703: return QSize(int(RT_HI_U32(u64Size)),
> int(RT_LO_U32(u64Size)));
> 704: }
> 705:
> 706: QSize UIMachineView::guestSizeHint()
>
>
> SYMBOL_NAME: virtualbox!UIMachineView::maxGuestSize+0
>
> FOLLOWUP_NAME: MachineOwner
>
> MODULE_NAME: VirtualBox
>
> IMAGE_NAME: VirtualBox.exe
>
> DEBUG_FLR_IMAGE_TIMESTAMP: 51420e3b
>
> FAILURE_BUCKET_ID:
> STATUS_BREAKPOINT_80000003_VirtualBox.exe!UIMachineView::maxGuestSize
>
>
> BUCKET_ID:
> APPLICATION_FAULT_STATUS_BREAKPOINT_NULL_POINTER_READ_virtualbox!UIMachineView::maxGuestSize+0
>
>
> WATSON_STAGEONE_URL:
> http://watson.microsoft.com/StageOne/VirtualBox_exe/4_2_8_0/51420e3b/unknown/0_0_0_0/bbbbbbb4/80000003/00000000.htm?Retriage=1
>
>
> Followup: MachineOwner
> ---------
>
> --
> -- Ribhi
>
>
>
>
> --
> -- Ribhi
>
>
>
>
> --
> -- Ribhi
>
>
>
>
> --
> -- Ribhi
>
>
> _______________________________________________
> vbox-dev mailing list
> vbox-dev at virtualbox.org
> https://www.virtualbox.org/mailman/listinfo/vbox-dev
>
--
ORACLE Deutschland B.V. & Co. KG Michael Thayer
Werkstrasse 24 VirtualBox engineering
71384 Weinstadt, Germany mailto:michael.thayer at oracle.com
Hauptverwaltung: Riesstr. 25, D-80992 München
Registergericht: Amtsgericht München, HRA 95603
Geschäftsführer: Jürgen Kunz
Komplementärin: ORACLE Deutschland Verwaltung B.V.
Hertogswetering 163/167, 3543 AS Utrecht, Niederlande
Handelsregister der Handelskammer Midden-Niederlande, Nr. 30143697
Geschäftsführer: Alexander van der Ven, Astrid Kepper, Val Maher
More information about the vbox-dev
mailing list